PT-2025-27968 · Linux+5 · Linux Kernel+5

Published

2025-06-11

·

Updated

2026-05-26

·

CVE-2025-38193

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A vulnerability in the Linux kernel has been resolved, related to the SFQ perturb period in the net sched module. The issue was reported by Gerrard Tai, who found that the SFQ perturb period had no range check, which could be used to trigger a race condition. To prevent this, a check has been added to ensure that ctl->perturb period * HZ will not overflow and is positive. The vulnerability can be triggered by setting an invalid perturb period, such as a negative value or a value that is too large.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Race Condition

Weakness Enumeration

CWE-190CWE-362

Related Identifiers

AZL-64764
BDU:2025-09617
CVE-2025-38193
DLA-4327-1
DLA-4328-1
DSA-5973-1
ECHO-C279-6E82-3C65
MGASA-2025-0218
MGASA-2025-0219
OESA-2026-2417
OESA-2026-2418
OPENSUSE-SU-2025:20081-1
SUSE-SU-2025:02846-1
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025:21074-1
SUSE-SU-2025:21139-1
SUSE-SU-2025:21179-1
SUSE-SU-2025_02846-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7856-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Debian
Linuxmint
Linux Kernel
Red Os
Suse
Ubuntu